HostedDB - Dedicated UNIX Servers
index_168
Router Security Configuration Guide UNCLASSIFIED 168 UNCLASSIFIED Version 1.0g identified by a map-name and a positive integer sequence number (called seq-num below). The map-name used can represent one or more crypto maps, while the sequence numbers are used to set the priority for two or more crypto maps with the same name. If two or more crypto maps with the same name are used, those with lower the sequence numbers have higher priority. The following example shows the construction of a single crypto map for the North and Remote routers, which combine the previously entered configuration information. See “Configuring IPSec Network Security” in the Cisco IOS 12.0 Security Configuration Guide to learn more about crypto maps. The syntax for the crypto map command is: crypto map map-name seq-num ipsec-isakmp. Configure the IPSec crypto maps using the following commands: North#   North# config t Enter configuration commands, one per line. End with CNTL/Z. North(config)# crypto map pipe-1 1 ipsec-isakmp ! The name pipe-1 is an arbitrary name North(config-crypto-map)# match address 161 North(config-crypto-map)# set peer 7.12.1.20 North(config-crypto-map)# set transform-set set1 ! The following are optional, they limit the length of time and   ! number of bytes the tunnel is good for data protection before   ! automatic rekeying occurs North(config-crypto-map)# set security-assoc lifetime kilo 80000 North(config-crypto-map)# set security-assoc lifetime sec 26400 North(config-crypto-map)# exit North(config)# exit North# and Remote#   Remote# config t Enter configuration commands, one per line. End with CNTL/Z. Remote(config)# crypto map pipe-1 1 ipsec-isakmp ! The name pipe-1 is an arbitrary name Remote(config-crypto-map)# match address 161 Remote(config-crypto-map)# set peer 14.2.0.20 Remote(config-crypto-map)# set transform-set set1 ! The following are optional, they limit the length of time and   ! number of bytes the tunnel is good for data protection before   ! automatic rekeying occurs Remote(config-crypto-map)# set security-assoc lifetime kilo 80000 Remote(config-crypto-map)# set security-assoc lifetime sec 26400 Remote(config-crypto-map)# exit Remote(config)# exit Remote# The command show crypto map  will display the following information on the North router (assuming no other crypto maps have been entered):